From cba52c9e6c67ae2ee723c76f0c9ed165b657df63 Mon Sep 17 00:00:00 2001
From: aribeiro <anderson.ribeiro@est.tech>
Date: Mon, 12 Jul 2021 15:10:19 +0100
Subject: Fix security vulnerabilities

Issue-ID: SDC-3634
Signed-off-by: aribeiro <anderson.ribeiro@est.tech>
Change-Id: I2ad864179cea8021773a9ea80953d995d75d36d0
---
 .../vendorsoftwareproducts/types/VspDescriptionDto.java    | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest')

diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-types/src/main/java/org/openecomp/sdcrests/vendorsoftwareproducts/types/VspDescriptionDto.java b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-types/src/main/java/org/openecomp/sdcrests/vendorsoftwareproducts/types/VspDescriptionDto.java
index 010e0d3818..90a094e817 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-types/src/main/java/org/openecomp/sdcrests/vendorsoftwareproducts/types/VspDescriptionDto.java
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/vendor-software-products-rest/vendor-software-products-rest-types/src/main/java/org/openecomp/sdcrests/vendorsoftwareproducts/types/VspDescriptionDto.java
@@ -17,6 +17,7 @@ package org.openecomp.sdcrests.vendorsoftwareproducts.types;
 
 import javax.validation.constraints.NotNull;
 import lombok.Data;
+import org.openecomp.sdc.common.util.ValidationUtils;
 import org.openecomp.sdc.vendorsoftwareproduct.dao.type.LicenseType;
 import org.openecomp.sdc.vendorsoftwareproduct.types.LicensingData;
 
@@ -36,8 +37,19 @@ public class VspDescriptionDto {
     private String vendorName;
     @NotNull
     private String vendorId;            // this will be populated with vlm id
-
     private String licensingVersion;    // this will be populated with vlm version
     private LicenseType licenseType;
     private LicensingData licensingData;
+
+    public void setName(final String name) {
+        this.name = ValidationUtils.sanitizeInputString(name);
+    }
+
+    public void setVendorName(final String vendorName) {
+        this.vendorName = ValidationUtils.sanitizeInputString(vendorName);
+    }
+
+    public void setDescription(final String description) {
+        this.description = ValidationUtils.sanitizeInputString(description);
+    }
 }
-- 
cgit 1.2.3-korg